Article Number
000030095
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1
Issue
Use case
- During a load test of RSA Authentication Agent 7.2.1 for Windows build 73 (7.2.1.73), logon errors started happening after 30 RDP users connected to the Windows server.
- The server is always LAN connected; therefore, the users who connect to this server never need Offline Authentication download days.
- Users would like to use Windows Password Integration, which uses the RSA Authentication Agent Offline Local Service (to TCP port 5580 on the RSA Authentication Manager server).
- The download of offline days appears to be slowing down the Windows server, preventing some users from connecting and authenticating (typically the 31st user).
- Admins would like to disable the downloading of offline days on the server, but leave the Offline Local Auth service running in case a user needs to change/update their Windows password.
Task
- Delete the InstallDir registry string from HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\ in the Windows Registry.
- Upgrade to the latest RSA Authentication Agent 7.4.3 for Windows (latest release as of 9 January 2020).
- (The latest Windows agent is available on the RSA LINK web site.)
The right approach is to disable the DA_SVC by using the registry. Stopping the DA_SVC without registry key isolation causes more problems than it fixes.
Resolution
- From Start, type regedit to open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\.
- Delete the InstallDir registry string.
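The same steps can be scripted for servers where opening regedit by hand is impractical. This PowerShell sketch is an added example, not RSA tooling: the key path and value name come from this article, while the function name and backup directory are assumptions. It exports the key before deleting the value and does nothing if the value is already absent.

```powershell
# Added example (not from RSA). Run from an elevated PowerShell session.
# Key path and value name are from the article; $BackupDir is a hypothetical location.
$KeyPath   = 'HKLM:\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication'
$RegExeKey = 'HKLM\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication'
$ValueName = 'InstallDir'
$BackupDir = Join-Path $env:ProgramData 'RSA-registry-backup'

function Remove-OfflineAuthInstallDir {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    # A missing value returns $null instead of raising an error.
    $current = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $current) {
        Write-Output "$ValueName is already absent; nothing to do."
        return
    }
    Write-Output "Current $ValueName = $($current.$ValueName)"

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Back up key and delete value')) {
        # Export the whole key first so it can be restored with 'reg import'.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
        $backupFile = Join-Path $BackupDir "DisconnectedAuthentication-$stamp.reg"
        & reg.exe export $RegExeKey $backupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup failed; $ValueName was not deleted." }

        Remove-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction Stop

        # Confirm the value is really gone before reporting success.
        $after = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $after) { throw "$ValueName is still present after deletion." }
        Write-Output "Deleted $ValueName. Backup saved to $backupFile"
    }
}

# Dry run: shows what would change without touching the registry.
Remove-OfflineAuthInstallDir -WhatIf
```

Remove `-WhatIf` from the last line to apply the change.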
Notes
AAWIN-2180 (Lac Agent 7.2.1.72 - RDP timeout timeout issue and login issue) addressed this issue and was closed in 2015.
If one only needs to retrieve the password from the server as the user logs in, then one does not need the Offline Authentication Service (AceGetLoginPW() retrieves the password from the sSUSER structure's loginPW member). However, if one also needs to support updating the password on the RSA Authentication Manager server, then one needs to communicate with the Offline Authentication Service (AceSetLoginPW() invokes AceDASetLoginPW() to set the password through the Offline Authentication Service).